Add mimeprotect templates

[willhackett]

Description

Add 6 Domain Connect templates for MimeProtect email security services. Each template handles a specific email security feature, allowing users to apply only what they need:

• domain-verification: TXT record for domain ownership verification
• dmarc: CNAME delegation for DMARC reporting and policy management
• spf: SPFM record for SPF hosting with automatic flattening
• tlsrpt: CNAME for TLS-RPT (SMTP TLS Reporting)
• mta-sts: CNAMEs for MTA-STS policy and well-known endpoint
• bimi: CNAME for BIMI (Brand Indicators for Message Identification)

All records delegate to *.zone.mimeprotect.com for centralized management.

Type of change

Please mark options that are relevant.

• New template
• Bug fix (non-breaking change which fixes an issue in the template)
• New feature (non-breaking change which adds functionality to the template)
• Breaking change (fix or feature that would cause existing template behavior to be not backward compatible)

How Has This Been Tested?

Please mark the following checks done

• Schema validated using JSON Schema template.schema
• Template functionality checked using Online Editor
• Template is checked using template linter
• Template file name follows the pattern <providerId>.<serviceId>.json
• resource URL provided with logoUrl is actually served by a webserver

Checklist of common prolems of issues (mark all the checkboxes after conducting the check). Comment on any point which is not fulfilled.

• digital signatures are used and syncPubKeyDomain specified (yes, warnPhishing is an option, but some providers reject such templates by policy, so signing shall be a default)
• syncRedirectDomain is specified when intended to use redirect_uri parameter in the synchronous flow
• no TXT record with SPF content (i.e. "v=spf1 ...") instead of using SPFM record type on APEX
• txtConflictMatchingMode is set on TXT records which shall be unique on a label (like DMARC)
• variables are set to the smallest scope needed (i.e. limit possibility to be misused to set any arbitrary record and conflict with other template). Too broad scope example: @ TXT "%verification%". Better usage: @ TXT "foo-verification=%verification%".
• no variables as a host name to apply template on subdomain instead of standard host parameter
• no explicit usage of %host% variable in host attribute
• essential setting is used on records, which the user shall be able to change or remove manually later without dropping the whole template (like DMARC)

Example variable values

  domain-verification:
  "testData": {
    "verification-test": {
      "variables": {
        "verificationToken": "mimeprotect-verify=abc123def456"
      },
      "results": [
        { "type": "TXT", "name": "@", "ttl": 3600, "data": "\"mimeprotect-verify=abc123def456\"" }
      ]
    }
  }

  dmarc:
  "testData": {
    "dmarc-test": {
      "variables": { "domain": "example.com" },
      "results": [
        { "type": "CNAME", "name": "_dmarc", "ttl": 3600, "data": "_dmarc.example.com.zone.mimeprotect.com" }
      ]
    }
  }

  spf:
  "testData": {
    "spf-test": {
      "variables": { "domain": "example.com" },
      "results": [
        { "type": "SPFM", "name": "@", "ttl": 3600, "spfRules": "include:spf.example.com.zone.mimeprotect.com" }
      ]
    }
  }

  tlsrpt:
  "testData": {
    "tlsrpt-test": {
      "variables": { "domain": "example.com" },
      "results": [
        { "type": "CNAME", "name": "_smtp._tls", "ttl": 3600, "data": "_smtp._tls.example.com.zone.mimeprotect.com" }
      ]
    }
  }

  mta-sts:
  "testData": {
    "mta-sts-test": {
      "variables": { "domain": "example.com" },
      "results": [
        { "type": "CNAME", "name": "_mta-sts", "ttl": 600, "data": "_mta-sts.example.com.zone.mimeprotect.com" },
        { "type": "CNAME", "name": "mta-sts", "ttl": 3600, "data": "cname.mimeprotect.com" }
      ]
    }
  }

  bimi:
  "testData": {
    "bimi-test": {
      "variables": { "domain": "example.com", "bimiSelector": "default" },
      "results": [
        { "type": "CNAME", "name": "default._bimi", "ttl": 3600, "data": "default._bimi.example.com.zone.mimeprotect.com" }
      ]
    }
  }

[github-actions]

Linter OK:

Linter result for mimeprotect.com.bimi.json
Linter result for mimeprotect.com.dmarc.json
Linter result for mimeprotect.com.domain-verification.json
Linter result for mimeprotect.com.mta-sts.json
Linter result for mimeprotect.com.spf.json
Linter result for mimeprotect.com.tlsrpt.json

[Copilot]

Pull request overview

This PR adds 6 Domain Connect templates for MimeProtect email security services. Each template provides DNS record configuration for a specific email security feature through delegation to MimeProtect's zone management.

Changes:

• Added domain verification template using TXT record for ownership proof
• Added DMARC, SPF, TLS-RPT, MTA-STS, and BIMI templates using CNAME/SPFM delegation
• All templates delegate to *.zone.mimeprotect.com for centralized management

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
mimeprotect.com.domain-verification.json	TXT record for domain ownership verification with conflict matching
mimeprotect.com.dmarc.json	CNAME delegation for DMARC policy management
mimeprotect.com.spf.json	SPFM record for SPF hosting with automatic flattening
mimeprotect.com.tlsrpt.json	CNAME for TLS-RPT (SMTP TLS Reporting)
mimeprotect.com.mta-sts.json	CNAMEs for MTA-STS policy and well-known endpoint
mimeprotect.com.bimi.json	CNAME for BIMI with configurable selector

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[pawel-kow]

On top of other findings please complete the "Checklist of common problems"

[willhackett]

On top of other findings please complete the "Checklist of common problems"

@pawel-kow thank you for reviewing. 🙏🏻 I've amended the PR as requested.

[pawel-kow]

One question to the use of %domain% variable.
Is it intentional to use it instead of %fqdn%?

The difference is only there visible for subdomains (host parameter not empty). Try with the online editor if the template does what you expect.